There is a lot of buzz building over fifth-generation mobile networks (5G) and how they will revolutionize the fast-growing numbers of internet-connected devices — but what about security?
What makes 5G so closely tied to billions of Internet of Things (IoT) devices is its speed (5G is expected to be 10 times faster than 4G LTE), low latency, and the fact that it is expected to use Low Power Wide Area (LPWA) technology to connect large numbers of far-flung, low-power IoT devices for industrial applications.
It should be noted that the revolution of 5G and IoT is still years away (by 2022, only about 15 percent of the world’s population will have access to 5G networks, according the Ericcson). But that doesn’t mean we shouldn’t start planning today for a 5G/IoT future of tomorrow.
The IoT is already rife with security issues resulting from poor incentives to fix vulnerabilities. At the same time, we are spiraling closer towards a hyper-connected world with the increasing momentum around 5G infrastructure. As telecommunications organizations build more infrastructure for 5G networks, we can expect to see wider adoption of IoT devices and an increase in the impact of the threats they pose.
The number of IoT devices is forecast to grow to 31 billion devices by 2020, with the number rising to 74 billion by 2025, according to Statista. The growing number of connected devices increases security risk in two ways: By increasing the attack surface available to hackers of the devices themselves; and by providing potential processing power to cybercriminal botnets beyond the devices. Further, unlike many of today’s threats—identity theft and credit-card fraud, for example—many IoT security threats could impact the physical world.
Future Threats to Mission-Critical Infrastructure
As the IoT grows beyond consumer devices such as toys, smart TVs and refrigerators, the risks become greater. These threats can come in the form of hacked control systems in autonomous vehicles, attacks on smart grids and even compromises in medical devices such as insulin pumps and pacemakers. Last October, the FDA recalled half a million connected pacemakers that were vulnerable to hacks. As 5G enables more always-on connections to critical IoT devices like these, the potential scale of impact and likelihood that they will garner attention from cybercriminals increases drastically.
Understanding and addressing these potential threats early on is essential to preserving the promised digital utopia of a 5G-connected world. Fortunately, the switch to 5G networks provides an opportunity for us to rethink the way we secure connections.
What the Secure 5G-Enabled World Looks Like
First, improved identity management must be a factor in securing a 5G-enabled future. Attribution is a thorny subject for security professionals today because it is so easy for cybercriminals to cover their tracks or assume another identity online. This may involve a fundamental change to how we use the internet, which will make it more difficult for hackers to move across the web undetected. Two-factor authentication is a good start, but increasingly we’ll need to look for advanced identifiers like biometrics, geolocation, token-based authentication and even device movement.
Secondly, 5G networks need to bake in secure connectivity from the beginning. A good place to start is implementing end-to-end encryption across all 5G networks. Not only does encryption play a role in privacy, certificate management is crucial for the identity management discussed earlier. As more of the last-mile internet pathways are shared, users will no longer be able to rely on securing access to their Wi-Fi networks to make their devices secure. End-to-end encryption will prevent anyone, but the intended recipient, from seeing traffic.
Thirdly, those running 5G networks and enterprises adopting IoT assets must consider what is going on in their networks. Visibility into network packets and anomalies in activity becomes more important and more difficult the broader a network becomes. Increased visibility into the activity of IoT endpoint devices will make it easier to scan for malicious or unauthorized activity at whatever scale is needed. Visibility will also enable automated remediation of discovered cybersecurity threats through artificial intelligence, which will make managing the volume of cyber-threats a more reasonable task.
Finally, the security of IoT devices themselves presents challenges. For example, devices with sensors must be secure to ensure that someone doesn’t tamper with them; hackers could for instance alter sensors at a utility to say that the temperatures are in an acceptable range when in fact they aren’t.
Device chipsets must allow firmware updates as well. It will no longer be acceptable to have an industrial control system or medical device that doesn’t allow password or firmware updates.
The move to 5G networks is full of promise. We’ll be able to use our devices anywhere, for personal or business use, while speed and reliability increase. But at the same time, it presents an opportunity for us to think about the way we securely connect to the digital world. By taking a little time to think about the security consequences of our technology and bake them into the foundation of this new era of connectivity, we will be able to save future cybersecurity defenders from the struggles we are facing now.
(Steve McGregory is a Senior Director of Application and Threat Intelligence at Ixia, a Keysight business)